Tyler Close wrote: > On Wed, Feb 3, 2010 at 1:00 AM, Jonas Sicking <jonas@sicking.cc> wrote: >> Another thing that might be worth noting is that if the UA contains a >> HTTP cache (which most popular UAs do), the UA must never use a cached >> response that was the result of a request that was made with >> credentials, when making a request without. The same goes the other >> way around. > > I gather this is because sites do not reliably use the Vary header? "When a shared cache (see Section 13.7) receives a request containing an Authorization field, it MUST NOT return the corresponding response as a reply to any other request, unless one of the following specific exceptions holds:..." <http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.14.8> > ... BR, JulianReceived on Wednesday, 3 February 2010 21:34:33 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:04 UTC